From owner-freebsd-hackers@FreeBSD.ORG  Mon Jan 19 04:46:36 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 77C7116A4CE
	for <freebsd-hackers@freebsd.org>;
	Mon, 19 Jan 2004 04:46:36 -0800 (PST)
Received: from mail.rdstm.ro (mail.rdstm.ro [193.231.233.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0894743D45
	for <freebsd-hackers@freebsd.org>;
	Mon, 19 Jan 2004 04:46:35 -0800 (PST)
	(envelope-from aanton@reversedhell.net)
Received: from reversedhell.net (casa_auto [81.196.32.25])
	by mail.rdstm.ro (8.12.10/8.12.1) with ESMTP id i0JCkYJU028889
	for <freebsd-hackers@freebsd.org>; Mon, 19 Jan 2004 14:46:34 +0200
Message-ID: <400BD1D3.10201@reversedhell.net>
Date: Mon, 19 Jan 2004 14:47:15 +0200
From: Anton Alin-Adrian <aanton@reversedhell.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.6b) Gecko/20031212 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org
References: <400BD0CE.6050609@reversedhell.net>
In-Reply-To: <400BD0CE.6050609@reversedhell.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: qmail remote root patch
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jan 2004 12:46:36 -0000

Anton Alin-Adrian wrote:

> Regarding latest qmail vulnerability, I coded this quickly patch. 
> Please double-check me if I am wrong here. Forward this to 
> freebsd-security please.
>
>
> Regards,
> Alin.
>
>------------------------------------------------------------------------
>
>320c320
><       ++pos;
>---
>  
>
>>      if (pos>9) ++pos;
>>    
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>freebsd-hackers@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>>    
>>
I forgot to mention about vuln:

http://www.guninski.com/qmailcrash.html